Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix!: use client ip when creating connection logs for workspace proxied app accesses #19788

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix!: use client ip when creating connection logs for workspace proxied app accesses #19788

wants to merge 1 commit into from

Conversation

ethanndickson
Copy link
Member

@ethanndickson ethanndickson commented Sep 12, 2025
edited
Loading

Breaking API Change:

The presence of the ip field on codersdk.ConnectionLog cannot be guaranteed, and so the field has been made optional. It may be omitted on API responses.

When running a scaletest, I noticed logs of the form:

2025-09-12 06:34:10.924 [erro]  coderd.workspaceapps: upsert connection log failed  trace=0xa17580  span=0xa17620  workspace_id=81b937d7-5777-4df5-b5cb-80241f30326f  agent_id=78b2ff6d-b4a6-4a4e-88a7-283e05455a88  app_id=00000000-0000-0000-0000-000000000000  user_id=00000000-0000-0000-0000-000000000000  user_agent=""  app_slug_or_port=terminal  status_code=404  request_id=67f03cf8-9523-444a-97bc-90de080a54c8 ...
    error= 1 error occurred:
           	* pq: null value in column "ip" of relation "connection_logs" violates not-null constraint

to ensure logs are never omitted from the connection log due to a missing IP again (i.e. I'm not sure if we can always rely on a valid, parseable, IP from (http.Request).RemoteAddr), I've removed the NOT NULL constraint on ip on connection_logs, and made ip on the API response optional.

The specific cause for these null IPs was the /workspaceproxies/me/issue-signed-app-token [post] endpoint constructing it's own http.Request without a RemoteAddr set, and then passing that to the token issuer.

To solve this, we'll have workspace proxies send the real IP of the client when calling /workspaceproxies/me/issue-signed-app-token [post] via the header Coder-Workspace-Proxy-Real-IP.

@ethanndickson Graphite App
Copy link
Member Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

@ethanndickson ethanndickson force-pushed the ethan/proxied-app-connection-log-fix branch from dd9ae88 to 9ea7924 Compare September 12, 2025 07:21
@ethanndickson ethanndickson marked this pull request as ready for review September 12, 2025 07:29
@github-actions github-actions bot added the release/breaking This label is applied to PRs to detect breaking changes as part of the release process label Sep 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@deansheather deansheather deansheather approved these changes

Assignees

@ethanndickson ethanndickson

Labels
release/breaking This label is applied to PRs to detect breaking changes as part of the release process
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ethanndickson @deansheather